IN THE SPECIFICATION 

Please amend paragraph [0025] of the pubhshed patent appUcation as follows: 


In one embodiment, a Service Policy Director is transparent by being placed on a path of 
network traffic, between users and an access server to the authentication server. FIG. 1(a) 
illustrates message monitoring by a Service Policy Director 104 as described in the first 
embodiment. In this first embodiment, a Service Policy Director 104 fimctions as a transparent 
switch. A Service Policy Director 104 is placed on a path between a user 100 through a service 
provider network 102 and an access server 103 and an authentication server 106, and receives 
and forwards messages sent by a user 100 destined for an authentication server 106. The Service 
PoUcy Director 104 receives and parses a response message sent by the authentication server, to 
obtain the identification and service attribute information of the user and then forwards these 
messages without making any changes to their contents. 

Please amend paragraph [0026] of the published patent application as follows: 

In another embodiment, a Service Policy Director is configured as a proxy, such that all 
user authentication requests are sent to the Service Policy Director, rather than to an 
authentication server. The Service Policy Director will then query an authentication server for 
each of the user's identification and attribute information, and finally forward the response fi-om 
the authentication server to the appropriate user. In FIG. 1(b), a user 108 sends messages through 
a service network provider 110 and an access server 111 directly to a Service Policy Director 
112. The Service Pohcy Director 112 then redirects the user's messages to an authentication 
server 1 14. When the authentication server 1 14 responds, the Service Policy Director receives 
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and parses a response message sent by the authentication server, to obtain the identification and 
service attribute information of the user and then forwards the response directly to the user 108. 

Please amend paragraph [0027] of the pubhshed patent application as follows: 
In yet another embodiment, a user's authentication messages are copied by an additional 
network device (e.g., a switch), and passed to a passively Hstening Service Pohcy Director. In 
FIG. 1(c), from user 116 through service provider network 118 and access server 119 network 
traffic is copied to a Service PoHcy Director 120 while traffic is in transit over a network. The 
Service Policy Director 120 monitors copied traffic for user authentication requests and 
authentication server responses. Finally, the Service Pohcy Director parses copied message 
traffic to obtain identification and service attribute information of users 1 16 on the network. In 
each embodiment, a Service Pohcy Director monitors authentication message communication 
and stores user's identity and service attributes associated with each user in its internal User 
Policy Table 210. 
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